Mobile account login about 10 mins on mac os x server

Hi there!
I successfully created mobile user accounts. When I log in from my PowerBook, the mobile user is created and synced. If I try to log in on my G5 workstation, where Mac OS X Server is installed, the login procedure takes about 10 minutes. Logging in with local accounts is as fast as one would expect.
A look into system.log shows that there are problems mounting the Users mount point. Please see:
Oct 8 22:40:25 sebastian kernel[0]: AFP_VFS afpfs_mount: /Volumes/Users, pid 1540
Oct 8 22:41:28 sebastian kernel[0]: AFP_VFS afpfs_Reconnect: doing reconnect on /Volumes/Users
Oct 8 22:41:28 sebastian kernel[0]: AFP_VFS afpfs_Reconnect: connect to the server /Volumes/Users
Oct 8 22:41:28 sebastian kernel[0]: AFP_VFS afpfs_Reconnect: Opening session /Volumes/Users
Oct 8 22:41:28 sebastian kernel[0]: AFP_VFS afpfs_Reconnect: Logging in with uam 10 /Volumes/Users
Oct 8 22:42:28 sebastian kernel[0]: AFP_VFS afpfs_Reconnect: Log in failed 32 /Volumes/Users
Oct 8 22:42:34 sebastian kernel[0]: AFP_VFS afpfs_Reconnect: posting to KEA retry for /Volumes/Users delayCnt 6
Oct 8 22:42:34 sebastian KernelEventAgent[37]: tid 00000000 received VQ_NOTRESP event (1)
Oct 8 22:42:34 sebastian KernelEventAgent[37]: tid 00000000 type 'afpfs', mounted on '/Volumes/Users', from 'afp_005AoG3asllS001Eic06SdO0-1.2c00000b', not responding
Oct 8 22:42:34 sebastian KernelEventAgent[37]: tid 00000000 found 1 filesystem(s) with problem(s)
Oct 8 22:42:38 sebastian kernel[0]: AFP_VFS afpfs_Reconnect: connect to the server /Volumes/Users
Oct 8 22:42:38 sebastian kernel[0]: AFP_VFS afpfs_Reconnect: Opening session /Volumes/Users
Oct 8 22:42:38 sebastian kernel[0]: AFP_VFS afpfs_Reconnect: Logging in with uam 10 /Volumes/Users
Oct 8 22:43:38 sebastian kernel[0]: AFP_VFS afpfs_Reconnect: Log in failed 32 /Volumes/Users
Oct 8 22:43:48 sebastian kernel[0]: AFP_VFS afpfs_Reconnect: connect to the server /Volumes/Users
Oct 8 22:43:48 sebastian kernel[0]: AFP_VFS afpfs_Reconnect: Opening session /Volumes/Users
Oct 8 22:43:48 sebastian kernel[0]: AFP_VFS afpfs_Reconnect: Logging in with uam 10 /Volumes/Users
Oct 8 22:44:49 sebastian kernel[0]: AFP_VFS afpfs_Reconnect: Log in failed 32 /Volumes/Users
Oct 8 22:44:59 sebastian kernel[0]: AFP_VFS afpfs_Reconnect: connect to the server /Volumes/Users
Oct 8 22:44:59 sebastian kernel[0]: AFP_VFS afpfs_Reconnect: Opening session /Volumes/Users
Oct 8 22:44:59 sebastian kernel[0]: AFP_VFS afpfs_Reconnect: Logging in with uam 10 /Volumes/Users
Oct 8 22:45:59 sebastian kernel[0]: AFP_VFS afpfs_Reconnect: Log in failed 32 /Volumes/Users
Oct 8 22:46:09 sebastian kernel[0]: AFP_VFS afpfs_Reconnect: connect to the server /Volumes/Users
Oct 8 22:46:09 sebastian kernel[0]: AFP_VFS afpfs_Reconnect: Opening session /Volumes/Users
Oct 8 22:46:09 sebastian kernel[0]: AFP_VFS afpfs_Reconnect: Logging in with uam 10 /Volumes/Users
Oct 8 22:47:09 sebastian kernel[0]: AFP_VFS afpfs_Reconnect: Log in failed 32 /Volumes/Users
Oct 8 22:47:19 sebastian kernel[0]: AFP_VFS afpfs_Reconnect: connect to the server /Volumes/Users
Oct 8 22:47:19 sebastian kernel[0]: AFP_VFS afpfs_Reconnect: Opening session /Volumes/Users
Oct 8 22:47:19 sebastian kernel[0]: AFP_VFS afpfs_Reconnect: Logging in with uam 10 /Volumes/Users
Oct 8 22:48:20 sebastian kernel[0]: AFP_VFS afpfs_Reconnect: Log in failed 32 /Volumes/Users
Oct 8 22:48:30 sebastian kernel[0]: AFP_VFS afpfs_Reconnect: connect to the server /Volumes/Users
Oct 8 22:48:30 sebastian kernel[0]: AFP_VFS afpfs_Reconnect: Opening session /Volumes/Users
Oct 8 22:48:30 sebastian kernel[0]: AFP_VFS afpfs_Reconnect: Logging in with uam 10 /Volumes/Users
Oct 8 22:49:30 sebastian kernel[0]: AFP_VFS afpfs_Reconnect: Log in failed 32 /Volumes/Users
Oct 8 22:49:40 sebastian kernel[0]: AFP_VFS afpfs_Reconnect: connect to the server /Volumes/Users
Oct 8 22:49:40 sebastian kernel[0]: AFP_VFS afpfs_Reconnect: Opening session /Volumes/Users
Oct 8 22:49:40 sebastian kernel[0]: AFP_VFS afpfs_Reconnect: Logging in with uam 10 /Volumes/Users
Oct 8 22:50:40 sebastian kernel[0]: AFP_VFS afpfs_Reconnect: Log in failed 32 /Volumes/Users
Oct 8 22:50:50 sebastian kernel[0]: AFP_VFS afpfs_Reconnect: connect to the server /Volumes/Users
Oct 8 22:50:50 sebastian kernel[0]: AFP_VFS afpfs_Reconnect: Opening session /Volumes/Users
Oct 8 22:50:50 sebastian kernel[0]: AFP_VFS afpfs_Reconnect: Logging in with uam 10 /Volumes/Users
Oct 8 22:51:50 sebastian kernel[0]: AFP_VFS afpfs_Reconnect: Log in failed 32 /Volumes/Users
Oct 8 22:51:50 sebastian kernel[0]: AFP_VFS afpfs_Reconnect: max reconnect time reached 622 > 600 /Volumes/Users
Oct 8 22:51:50 sebastian kernel[0]: AFP_VFS afpfs_Reconnect: posting to KEA to unmount /Volumes/Users
Oct 8 22:51:50 sebastian KernelEventAgent[37]: tid 00000000 received VQ_DEAD event (32)
Oct 8 22:51:50 sebastian kernel[0]: AFP_VFS afpfs_Reconnect: doing reconnect on /Volumes/Users
Oct 8 22:51:50 sebastian kernel[0]: AFP_VFS afpfs_Reconnect: connect to the server /Volumes/Users
Oct 8 22:51:50 sebastian kernel[0]: AFP_VFS afpfs_Reconnect: Opening session /Volumes/Users
Oct 8 22:51:50 sebastian KernelEventAgent[37]: tid 00000000 type 'afpfs', mounted on '/Volumes/Users', from 'afp_005AoG3asllS001Eic06SdO0-1.2c00000b', dead
Oct 8 22:51:50 sebastian kernel[0]: AFP_VFS afpfs_Reconnect: Logging in with uam 10 /Volumes/Users
Oct 8 22:51:50 sebastian KernelEventAgent[37]: tid 00000000 found 1 filesystem(s) with problem(s)
Oct 8 22:52:51 sebastian kernel[0]: AFP_VFS afpfs_Reconnect: Log in failed 32 /Volumes/Users
Oct 8 22:52:51 sebastian kernel[0]: AFP_VFS afpfs_unmount: /Volumes/Users, flags 524288, pid 37
Did I miss something? Why can't I log in with my mobile user on the server machine?
Thanks in advance
Gerhard
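
The quoted system.log shows the same login attempt / "Log in failed" cycle repeating on /Volumes/Users until the reconnect limit is reached. As an added example (not part of the original post), the following Python code summarises that cycle per mount point from syslog text; the function names, the `year` default and the three-failure threshold are assumptions, and the sample is an abridged excerpt of the lines above.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime
from typing import Dict, List, Optional, Set, Tuple

# Abridged excerpt of the system.log lines quoted in the post above.
SAMPLE_LOG = """\
Oct 8 22:40:25 sebastian kernel[0]: AFP_VFS afpfs_mount: /Volumes/Users, pid 1540
Oct 8 22:41:28 sebastian kernel[0]: AFP_VFS afpfs_Reconnect: doing reconnect on /Volumes/Users
Oct 8 22:41:28 sebastian kernel[0]: AFP_VFS afpfs_Reconnect: Logging in with uam 10 /Volumes/Users
Oct 8 22:42:28 sebastian kernel[0]: AFP_VFS afpfs_Reconnect: Log in failed 32 /Volumes/Users
Oct 8 22:42:38 sebastian kernel[0]: AFP_VFS afpfs_Reconnect: Logging in with uam 10 /Volumes/Users
Oct 8 22:43:38 sebastian kernel[0]: AFP_VFS afpfs_Reconnect: Log in failed 32 /Volumes/Users
Oct 8 22:50:50 sebastian kernel[0]: AFP_VFS afpfs_Reconnect: Logging in with uam 10 /Volumes/Users
Oct 8 22:51:50 sebastian kernel[0]: AFP_VFS afpfs_Reconnect: Log in failed 32 /Volumes/Users
Oct 8 22:51:50 sebastian kernel[0]: AFP_VFS afpfs_Reconnect: max reconnect time reached 622 > 600 /Volumes/Users
Oct 8 22:52:51 sebastian kernel[0]: AFP_VFS afpfs_unmount: /Volumes/Users, flags 524288, pid 37
"""

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

# Classic syslog layout: "Oct 8 22:40:25 host process[pid]: message"
LINE_RE = re.compile(
    r"^(\w{3})\s+(\d{1,2})\s+(\d\d):(\d\d):(\d\d)\s+\S+\s+\S+?\[\d+\]:\s+(.*)$")

# Message patterns taken from the wording of the quoted kernel lines.
EVENTS = [
    ("mount", re.compile(r"AFP_VFS afpfs_mount: (?P<mnt>.+), pid \d+$")),
    ("attempt", re.compile(r"afpfs_Reconnect: Logging in with uam (?P<n>\d+) (?P<mnt>/.+)$")),
    ("failed", re.compile(r"afpfs_Reconnect: Log in failed (?P<n>\d+) (?P<mnt>/.+)$")),
    ("limit", re.compile(
        r"afpfs_Reconnect: max reconnect time reached (?P<n>\d+) > (?P<lim>\d+) (?P<mnt>/.+)$")),
    ("unmount", re.compile(r"AFP_VFS afpfs_unmount: (?P<mnt>.+), flags \d+, pid \d+$")),
]


@dataclass
class MountSummary:
    mounted_at: Optional[datetime] = None
    unmounted_at: Optional[datetime] = None
    failures: int = 0
    attempt_secs: List[int] = field(default_factory=list)  # attempt start -> failure
    uams: Set[int] = field(default_factory=set)             # "uam N" values seen
    error_codes: Set[int] = field(default_factory=set)      # "Log in failed N" values seen
    limit_hit: Optional[Tuple[int, int]] = None             # (elapsed, limit) as logged
    pending: Optional[datetime] = None                      # attempt awaiting a result

    @property
    def stalled_secs(self) -> Optional[int]:
        """Seconds between afpfs_mount and afpfs_unmount, if both were logged."""
        if self.mounted_at and self.unmounted_at:
            return int((self.unmounted_at - self.mounted_at).total_seconds())
        return None


def analyze(log_text: str, year: int = 2000) -> Dict[str, MountSummary]:
    """Summarise AFP reconnect activity per mount point.

    Syslog lines carry no year, so `year` is an assumption; durations are
    only wrong if the log spans a New Year boundary.
    """
    mounts: Dict[str, MountSummary] = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group(1) not in MONTHS:
            continue
        mon, day, hh, mm, ss, msg = m.groups()
        try:
            ts = datetime(year, MONTHS[mon], int(day), int(hh), int(mm), int(ss))
        except ValueError:
            continue  # corrupt timestamp, skip the line
        for kind, rx in EVENTS:
            ev = rx.search(msg)
            if not ev:
                continue
            s = mounts.setdefault(ev.group("mnt"), MountSummary())
            if kind == "mount":
                s.mounted_at = ts
            elif kind == "attempt":
                s.uams.add(int(ev.group("n")))
                s.pending = ts
            elif kind == "failed":
                s.failures += 1
                s.error_codes.add(int(ev.group("n")))
                if s.pending is not None:
                    s.attempt_secs.append(int((ts - s.pending).total_seconds()))
                    s.pending = None
            elif kind == "limit":
                s.limit_hit = (int(ev.group("n")), int(ev.group("lim")))
            else:  # unmount
                s.unmounted_at = ts
            break
    return mounts


def is_reconnect_loop(s: MountSummary, min_failures: int = 3) -> bool:
    """Flag a mount that hit the reconnect limit or failed login repeatedly."""
    return s.limit_hit is not None or s.failures >= min_failures


if __name__ == "__main__":
    for mnt, s in analyze(SAMPLE_LOG).items():
        print(mnt, "failures:", s.failures, "per attempt (s):", s.attempt_secs,
              "stalled (s):", s.stalled_secs, "loop:", is_reconnect_loop(s))
```
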

Looks like Apple has decided that access to the root user is not a needed thing for most users.  I called Apple and asked about this issue as I had just had it occur - and I was logged into terminal BEFORE update to 10.6.8 as root - after I was unable to do so -
Apple walked me through this -
System prefs ---->Accounts -----> unlock ------>
Click on Network Account Server "Join"  ----->
Choose "Open Directory Utility"  ------->  This opens directory utility window ----->  Unlock lock at bottom.
Go to "Edit" Menu and choose "Enable Root user" ------>  it will ask for password.  ( only 1st time after 10.6.8 update)
Now you can log into the root user in your terminal.
You can disable the root user - this will prevent you from logging in as root in terminal.
I am not sure - but is there a security RISK here?  The option to reset the root password via the above method (as an admin user) - but without rebooting the machine and using the install DVD?
My 2 cents.

Similar Messages

  • Mobile account login delay when offline from Active Directory

    We're getting a few MacBook Pros setup with our AD domain. All is well while on the network, but when traveling, it takes our users about 20-30 seconds to login, presumably because the client is trying to authenticate against a domain controller. Accounts are setup as mobile accounts so the credentials are cached locally.
    It's frustrating that a solution isn't more readily published by Apple given how common a use case this is. It shouldn't be buried somewhere in a forum.

    I figured it was because AD was somehow being looked up. I got it nailed down to the wireless connection. Turning off the AirPort connection is not a viable option as not all users are savvy enough, or remember to turn it off before taking their laptop home. One instructor was set up this way and she isn't happy with the "resolve".
    On further research, I have determined a plausible solution, at least with Mac OS 10.4.7. I haven't tested anything earlier. Open the System Preferences and then Network. Show the AirPort configuration, then click on the Option button located next to the checkbox to show the AirPort status in the menu bar. There's a checkbox in there to "Disconnect from wireless networks when I log out." By checking this, the wireless connection will be disconnected but the card will remain on. This will force the computer to use the cached credentials on log in. When the user logs in, the computer will attempt to reestablish a connection with the wireless network.
    I'll let you know if this works with other Macs as well.

  • Mobile Account Login/Logout Sync Not Skipping Inputted Items

    I'm running a Leopard Server 10.5.6 Advanced Config ODM.
    No matter what I put into the Login & Logout Sync tab underneath "Skip items that match any of the following" it still syncs everything.
    I enter "ends with" ".mp3", "mp3" and it still syncs the test MP3s I put onto the desktop for the user.
    I ask it to not sync ~/Documents and it still syncs the test documents I put into that folder.
    This user is set to sync at login and logout with no background sync. The client machine is using 10.5.6.
    Merge with user's settings NOT checked
    Background Sync > Never
    Option > Never
    Account Creation > Creation
    Create mobile account when user logs in to network CHECKED
    Create home:
    with default sync settings: CHECKED

    Thanks for the reply.
    Under
    GROUP->PREFERENCES->MOBILE->RULES
    Login and Logout Sync->Always
    Sync at login and logout->Checked
    Merge with user's settings->Not Checked and never has been.
    Unfortunately, that can't be it
    Here are some screen shots of my settings. As you can see Background sync is not enabled.
    Nevermind, it won't let me attach files.
    Message was edited by: jakelh

  • Question about mac mini with Mac OS X Server

    Hello forum,
    first I want to say hello to each, because this is my first post in this forum.
    I want to buy a mac mini, but I have further questions before i buy.
    My Situation is, that currently I have a windows and a linux server (Windows => Exchange and Linux as a build server). Now i want to remove such servers and replace it with one mac mini server.
    1.) Currently I have an exchange server...Is it possible to use Mac OS X Server to work like an Exchange server?
    2.) I plan to use it as a build server which generates bundled software for Mac OS, Windows and Linux (Windows and Linux where running in VMWare Sphere)
    Is this possible with it?
    Thanks in advance
    Best Regards
    Roman80

    1.) Currently I have an exchange server...Is it possible to use Mac OS X Server to work like an Exchange server?
    That depends on how deeply-embedded you are into Exchange.
    If by 'Exchange' you mean the basic email/messaging tools then yes, but if you mean the full MAPI client/SharePoint/messaging/sync/compliance tools then no.
    2.) I plan to use it as a build server which generates bundled software for Mac OS, Windows and Linux (Windows and Linux where running in VMWare Sphere)
    This isn't an option. vSphere will not install on a Mac Mini. The only VMWare option for the Mac Mini is VMWare Fusion, which does allow running client OS systems in a virtual machine, but does not support the full suite of VMWare functionality. Whether it has enough for your needs cannot be determined without more details of how you expect this to work - if it's just a matter of having a Visual Studio running in a Windows VM, and some other compiler running in a Linux VM then it may be possible, it just depends how deep you need to go.

  • Decommissioned a file server, but every mobile account in the place is still trying to connect to it on login!

    A couple of months ago we decommissioned the 10.4.11 xserve that was serving as our LDAP server and home directory server for mobile accounts.  We migrated all of that to a newer 10.6.8 xserve.  It was a fairly rough migration, but we've pretty much sorted it out except for one last annoyance: when you look at System Preferences->Accounts->Login Items for all of our mobile accounts, every single client is still trying to mount an afp share on the old server.  Logging in takes FOREVER because the connection needs to time out, so now my users are no longer logging out/in as often as they should, and so their Home Sync's are getting old.
    When you go to the client's Preferences, the line referencing the old server share is still there, but the minus sign is greyed out so the item cannot be deleted.
    The Kind is listed as "unknown" and there is a grey warning triangle next to it.
    This is clearly some sort of template/Preference that is hardcoded to the old name, and whatever file this is got moved to the new server (which has a different name and different numeric IP address.)  Because even the BRAND NEW users that I have created since after "pdc04.hgbc.com" disappeared are trying to log in to the non-existent share on the non-existent server, too!
    I have tried running grep on the entire disk on one of the clients looking for the string "pdc04", and updated everything that I found using vi directly on the files.  I have tried running grep on select directory trees on the new file server looking for pdc04.  In my grep on the client, I found the string in
         /Library/Managed Preferences/user/loginwindow.plist
         /Library/Managed Preferences/user/complete.plist
    but searching all of the loginwindow.plist and complete.plist files on the new server comes up with nothing.
    Does anyone have any idea where the template or preference or plist is on the server so that I can delete or update the file with the new host name?

    I think that Grant is on the right track -- but the problem is that whatever file that pdc04's Server Manager wrote into is not available to pdc's Server Manager to edit or even display.
    We upgraded mostly by turning off the G5 10.4 xserve and unplugging the fiber-channel RAID (with user accounts on it) and plugging the RAID into a fiber-channel card on the new (to us) Nehalem 10.6 xserve, which we did after using Migration Assistant between the machines.  Then we had various and sundry problems, and we ended up moving all of the mobile account directories to the internal RAID on the new server.
    Clearly there is a file somewhere that acts as a template for mobile accounts and it refers to the old machine but it's been moved to the new machine.
    Only two of the mobile accounts have directories in the /Library/Managed Preferences folder.  One of them, ironically, is mine, and my account hasn't worked right since we went to the new server.
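
    The search described in this thread (looking for the old host name "pdc04" inside preference files) can also be done with a plist-aware scan that reports which key holds the string, in both XML and binary plists. This is an added example, not part of the original posts; the function names, the key names and the share path in the constructed sample files are assumptions.

```python
import plistlib
import tempfile
from pathlib import Path
from xml.parsers.expat import ExpatError


def find_in_value(value, needle, path=""):
    """Yield (key_path, text) for every string or data value containing needle."""
    needle_l = needle.lower()
    if isinstance(value, str):
        if needle_l in value.lower():
            yield path, value
    elif isinstance(value, (bytes, bytearray)):
        # <data> values can embed host names too; search the raw bytes.
        if needle_l.encode("utf-8") in bytes(value).lower():
            yield path, "<data>"
    elif isinstance(value, dict):
        for key, child in value.items():
            yield from find_in_value(child, needle, f"{path}/{key}")
    elif isinstance(value, (list, tuple)):
        for i, child in enumerate(value):
            yield from find_in_value(child, needle, f"{path}[{i}]")


def scan_plists(root, needle):
    """Return (relative_file, key_path, text) for each match under root."""
    root = Path(root)
    hits = []
    for plist_path in sorted(root.rglob("*.plist")):
        try:
            with plist_path.open("rb") as fh:
                data = plistlib.load(fh)  # detects XML vs. binary format itself
        except (plistlib.InvalidFileException, ExpatError, OSError, ValueError):
            continue  # unreadable or malformed file: skip it, keep scanning
        for key_path, text in find_in_value(data, needle):
            hits.append((str(plist_path.relative_to(root)), key_path, text))
    return hits


def demo():
    """Build constructed sample plists in a temp directory and scan them."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Constructed XML plist: one stale and one current login item.
        with (root / "loginwindow.plist").open("wb") as fh:
            plistlib.dump({"ExampleLoginItems": [
                {"URL": "afp://pdc04.hgbc.com/Users"},
                {"URL": "afp://newserver.example.com/Users"},
            ]}, fh)
        # Constructed binary plist: the host name in a string and in a data blob.
        with (root / "complete.plist").open("wb") as fh:
            plistlib.dump({"ExampleDomain": {
                "ExampleMount": "afp://PDC04.hgbc.com/Users",
                "Alias": b"\x00\x02pdc04\x00",
            }}, fh, fmt=plistlib.FMT_BINARY)
        # A file that is not a plist at all must not stop the scan.
        (root / "broken.plist").write_bytes(b"not a plist")
        return scan_plists(root, "pdc04")


if __name__ == "__main__":
    for file_name, key_path, text in demo():
        print(f"{file_name}: {key_path} = {text}")
```
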

  • Mixing mobile account and network account.

    Is it possible to have mobile account on some computers and network account on others and having the same user logging in (only one login at a time) without sync issues ?
    I have tested it with account preferences set on computers and it is working nicely until I have been logged in on a computer with a networked account, then I experience sync issues. Every time I log in to the mobile account I get a dialog window asking me to select "Sync Later", "Mobile" or "Networked". It does not matter what I select, the dialog comes back every time I log off and on with the mobile account. I have only managed to get rid of it by deleting the mobile account and syncing it again.
    Message was edited by: kenguru

    Again, thanks for taking your time explaining this for me.
    After reading the User Management documentation from Apple about Managing Portable Computers (Chapter 8), I got the opposite impression about running Mobile Account on multiple computers. From this text, as I read it, it is a common thing to do, as long as we are aware of sync issues that might occur and know how we shall deal with them.
    So I'm a little confused about this topic, as it seems to make sense what you are saying, but the documentation says something different.
    I have tried setting sync preferences on the user instead, so that every login is made with a mobile account on every computer. That seems to work ok. Of course sync issues may arise, but here the file sync can be fixed through the dialog windows that pop up. Unlike under the mix of network logins and mobile account logins where it doesn't matter which location I set to be the place containing the most recent files. This only occurs after a network account login. If I have been logged on another computer set up with mobile account everything syncs nicely. I think
    So for now, I think I will stick with setting up users with mobile account preferences and skip the networked account.
    Does this make any sense or am I still mistaking here?
    Ok, thanks for all you help.
    Bernt

  • 10.5 server, 10.4 clients getting multiple mobile accounts - weird results

    I would like to reopen this discussion:
    http://discussions.apple.com/thread.jspa?threadID=1664772&tstart=7
    What happens visually is that the user appears to log in to a network account, but the Macintosh HD icon changes to the "house" used for the home directory, and all the mobile account data (which is naturally in /Users/<login>) is not accessible. If you use Netinfo Manager or System Preferences, you can see multiple accounts for the user.
    We have been getting many laptops randomly succumbing to this bug. 10.5.8 server, 10.4.11 clients. I ran nicl on one that was affected today, with "nicl . -list /users", and found 3 user account records with the same login. I then used the "directory IDs" from the nicl -list commands and compared the data for each account with "nicl -v . -read <dirID>" replacing <dirID> with the numeric directory IDs for the accounts.
    One of the accounts had no "home" attribute, so I deleted it using "sudo nicl . -delete <dirID>". The only difference between the other accounts is the value of the "copy_timestamp" attribute (it differed by 20 seconds or so). I blindly removed the record with the later copy_timestamp value, after which I was able to login to the mobile account normally.
    Interestingly during the login, I pinged the machine rapidly over ssh, running the "nicl . -list /users" command. I could see the original directory ID. Then for a while a new directory ID appeared and the old one was gone. Then both the old and the new appeared. Finally, after the successful login, the old directory ID was back. I guess the mobile account login process is constantly banging on Netinfo.
    Another thing to note is that when I go to Workgroup Manager (10.5) and bring up the Mobility > Account Creation preferences, they show up with the "Never" and "Always" buttons half-selected ("-"), as well as the one for the "Show "Don't ask me again" checkbox" setting. Guess the com.apple.MCX.plist file schema changed from 10.4 to 10.5. I will research the differences. Maybe I'll get lucky and stop this behavior from happening...

    The thing that causes the "-" half-selected buttons on the Account Creation tab is the absence of a value for the (new in 10.5?) attribute in the com.apple.MCX plist file. You can find this by using the Inspector in Workgroup Manager, getting the user account and editing the MCXSettings attribute:
    cachedaccounts.WarnOnCreate.allowNever
    otherwise known as "Show Mobile Account Dialog's Never Option" if you look in the Details tab of Workgroup Manager,
    otherwise known as "Show "Don't ask me again" checkbox" if you look in the Account Creation tab of Workgroup Manager.
    Pet peeve -- three different terms for the same thing?

  • Mobile accounts sudo Password dont work

    I have mobile accounts which stay in sync with HomeSync to the server.
    When I want to change some settings with sudo in Terminal on the mobile account, it always says wrong password, but I use the admin password of the computer!?

    If I am understanding your problem it sounds similar to what I considered to be a bug introduced way back when Tiger came out.
    A mobile account on say a laptop cannot do sudo even if you know and use the correct local admin password. The same mobile account can enter a valid admin name and password in to a GUI dialog box to authenticate. I did report this to Apple but they did not seem to agree or understand.
    A workaround I found was to do the following
    su admin
    enter password
    sudo command
    enter password
    That is a mobile account can switch user to an admin account in Terminal and then from that do the sudo command as normal.

  • Can I upgrade from Mac OS X Server 10.6.8 to Lion?

    I am currently running a Mac mini with Mac OS X Server 10.6.8 and would like to upgrade to plain Lion OS X. Can I do this, or will there be problems going from a server OS to the normal OS?

    Choose About this Mac from the Apple menu, click on More Info, and check the model identifier against the following, which are the earliest Macs of each type that can run Mountain Lion:
    iMac7,1
    MacBook5,1
    MacBookPro3,1
    MacBookAir2,1
    Macmini3,1
    MacPro3,1
    Xserve3,1
    If your system's compatible, buy it from the Mac App Store. A computer incapable of running Mountain Lion which has a Core 2 Duo (not Core Duo) or better CPU and at least 2GB of RAM can run Lion 10.7, which is available by phoning the online Apple Store and ordering a download code for it.

  • Cloning a Mac OS X Server to a remote location

    Scenario: A Mac Mini running Mac OS X Server is in location A and a second Mac Mini running Mac OS X Server is to be acquired and setup at a remote location.
    Desire: Do a nightly backup of Server A to the second Mac Mini so that Server B is a bootable clone of the primary server.
    Question: What is the best software/approach to do this?
    Discussion: I'm familiar with and use SuperDuper, Synchronize Pro and Carbon Copy Cloner for performing file by file backups and synchronization where the hard drives are on the same server ... but I'm not sure if any of these are the best alternative to backup a MAMP Pro installation on the Server (along with other applications and data) to a remote server box.
    I realize that particularly within the Moodle VLE (that will be running on the servers) that absolute links will still point to the primary server but that is not an issue for me. In the event of a catastrophic failure of Server A at least there would be an offsite clone that could be accessed if a few settings were changed.
    BTW: Server A is hosted by a commercial hosting service and no backup drive is available on-site for a file x file backup/synchronization. We do have full access to the server via ARD, Timbuktu Pro, AFP, etc.

    Can you expand your info on the use of these two approaches, particularly the mysql replication
    Well, my approach requires that there's some kind of connectivity between the two machines - preferably a VPN network to secure the traffic, but it doesn't have to be done that way.
    rsync essentially takes two directories - one local and one remote - and compares the differences. Depending on the switches you use it will copy the changes from one system to the other (or both if that's what you prefer). In this case I'd set it to copy the local web directory to the remote machine, so the remote machine has a copy of all the files.
    rsync works best for static files (e.g. .html, .php, etc. in the case of a web application), but shouldn't be used for dynamic files such as your database files.
    As for the data, MySQL has substantial built-in replication routines that are designed to keep multiple database servers in sync. There's far more to it than I can go into here, suffice to say it can maintain a real-time copy of your data on a second, remote machine, and you should read the documentation for the specifics.

  • Lion Server Setup (Network Login/Mobile Account and more...)

    Hardware:
         Mac mini Intel Core i7, 2 GHz, 8 GB memory (Server)     x 1
         iMac 21.5" 2.8GHz Intel Core i7, 12 GB memory (Workstation)     x 6
    Operating System:
        Mac OS X Server Lion 10.7.4 (11E53)
         Mac OS X Lion 10.7.4 (11E53)
    Relevant Software:
         Server.app Version 10.7.4 (1.4.3)
         Workgroup Manager Version 10.7 (400.3)
         Server Admin Version 10.7 (355)
    So my head's swimming with "I dunno's" and I've been perusing probably all the wrong threads trying not to sound like a noob and find the literature that will finally lead me to a solution.  This is my first rodeo so make no assumptions about my experience (maybe).
    Short Version
    I can't login network users.  I get an error "You are unable to log in to the user account "<%short_name%>" at this time.  Logging in using >console tells me this No home directory: <path to home directory>    i.e. /Network/Servers/department.domain.com/Department/Accounts/bbunny
    If anyone can point me where to read, I will do so.
    Perhaps a longer discussion on how to verify that the proper permissions exist on the share/home directory in question and what those would be.
    More detail...
    I want to setup a Mac Mini server to have network login accounts stored on the 2nd data volume in a directory we shall call Accounts*.  Here all the "network users/logins" have their home directories, so that when they login at the workstation the idea is the workstation will sync their account and allow them to login, if the server is not available, the hope is I can configure it to allow them to login if they've logged in before and the files will sync when they are able. That being the ideal, I get the impression that for best practices, Apple is discouraging the use of mobile accounts that use Home Sync perhaps because its reliability has been iffy, please advise.  A Windows user might think of this as "roaming profiles" but, if I understand it, it's a little more than that.
    Note, I do not want to login to the server and actively work on that network share, I want the account to be local and sync'd as needed.  But I want the user to be able to sit at any of the 6 other workstations and see the same documents, emails etc.  Obviously if the server is down, it won't be possible to authenticate, but I think it should have cached credentials that should allow the user to login if the server is down and still go about their work.
    This is the small picture...there is a larger picture that involves parallel virtual machines of Windows Server 2008 R2 on the server and Windows 7 on the client, iCal, iChat and perhaps wikis.
    I apologize for the roughness of this question, in the interest of brevity, I have plenty of problems that led me here that I can expound upon if asked.
    Also a silly question someone might know the answer to: Why do the login payload settings that I have pushed to a workstation device sometimes vanish inconsistently upon logout?

    Ok, Some Good news and clearer understanding to disseminate in this post I hope it helps
    "the Universe" so I am posting it here in my "ever-the-noob" blog on apple forums.
    Problem
    What do you do when you get an error when logging into a mobile account setup?
    One symptom would be the error message below...
         "You are unable to log in to the user account "<%short_name%>" at this time.
    Logging in using >console  You get the message…
         "No home directory: <path to home directory>"
         or
         "You are unable to log in to the user account "<%short_name%>" at this time. 
         Logging in using >console tells me this No home directory: <path to home directory>
    Solution
    Do the check list…
    Short Version
    Server Admin.app > Access (Key Component)
    Check Permissions on directories for your file shares. 
    (The reason stuff doesn't work especially when you're rebuilding/recovering a server)
    File sharing setup (Turned ON, Home sharing Enabled)
    Directory Utility > Directory Editor or dscl 
    ( Do not underestimate the importance of this part!!!!
    Use white-gloves when you're handling it though!!! )
    Workgroup Manager
    (Your poopy "main" interface that really is a "window", not a "door", but maybe Apple likes to do things "Dukes of Hazzard" style?)
    Long Version
    Check Server Admin.app > Access
    Make sure that your user has the "Proper" access.  For me I created a test user from Server.app and saw what access he had as a way to "check myself for properly created users" and because I think one is kind of on his/her own using WGM and duplicated the same access. (I was a little neater, though and did it with a group, not individual users, that would have been a mess!)
    Server Admin.app > Access
    Click the "+" sign, sort by UID and Add the imported users  to the following Services…
    ( You can use a group, but understand when Server.app creates users they get added
    individually to each of these groups. )
    Address Book
    AFP
    iCal
    iChat
    Mail
    Profile Manager
    SMB
    VPN
    Check Permissions on directories for your file shares. 
              (That's an understatement) I could go in depth about all the crap I had to read about, I still
              know I am missing a chunk of tech brain when it comes to the particulars. Basically, I boil
              it down to this…
              Permissions require thinking about things first with regards to POSIX permissions... good
              ole ls, chmod, chgrp, chown to the rescue with ugo permissions or the old 755, 600 etc
              stuff.
              Apple's file-sharing access uses this as a starting point to see what the user is allowed to
              access.
              I also needed to use chflags once to unhide a file that I mucked around with using xattr. 
              I still haven't figured out why folders can lose their triangles, but I didn't find out if you cp or
              move them from terminal, the triangles come back in the moved or copied directory.  For a
              minute I thought it was because cp alone doesn't preserve flag attributes, but mv actually
              works by doing a cp that preserves the flags, unless it's a bug.  I dunno.
              This helped me get my file visible again...
              chflags hidden path_to_file
              chflags nohidden path_to_file
              Read up on those manuals, if you're not a terminal type go to Apple's website
              http://developer.apple.com/library/mac/#documentation/Darwin/Reference/ManPages/
              or download...
              http://www.bruji.com/bwana/ I thought that was cool.
              or if you prefer to read the manual in pdf try…
              man -t sharing | pstopdf -i -o ./Desktop/Sharing\ Manual.pdf
              man -t chown | pstopdf -i -o ./Desktop/CHOWN\ Manual.pdf
              man -t chmod | pstopdf -i -o ./Desktop/CHMOD\ Manual.pdf
              man -t chgrp | pstopdf -i -o ./Desktop/CHGRP\ Manual.pdf
              My basic guideline was avoid using ACLs if at all possible, if you try to use them, things
              can get crazy complicated, take notes and plan, baby. If you read above, opening up
              permissions wide is wrong though.  You would restrict permissions tightly to begin with and
              then place ACE (Access Control Entries) to specifically target the rights you want to enable.
              Here's one that's obviously a novice attempt to do this, but since the novice is the only one
              speaking…. here it is, Universe… >:P
              sudo chmod -R +ai "admin allow read,write,delete,file_inherit,directory_inherit,search,list" Department/
              That allowed my admin to do all the things a normal user could do so far… It fixed things for
              my admin, which made me happy.  I really hate having to authenticate or sudo just to see
              the contents of a nested directory.  I could explain it, and even give a few notes on why its
              probably overkill, but I will attempt to look less stupid till "poked".
              There's another command line utility I STILL haven't read, which may bear mentioning
              because…well I haven't read it.  umask (see wikipedia or unix.com)…I worked past my
              problems without going into it so far, but obviously it's there, and it serves a purpose.
              I also found this article helpful…and educational.  :O
              http://www.bresink.de/osx/300321023/Docs-en/pgs/ACL.html
              (          It's enlightening to hear the air whistling between a developer/coder's ears, still it's
                        apparent he has a clear idea what's going on.
                        Ever wonder why when you use get info to check or assign permissions it kind of
                        flakes out and doesn't take?  Read this article!          )
              Second, if you can't obtain the "specific" permissions you need with POSIX, chmod also
              can set the 2nd category of permissions, which Windows users may be familiar with:
              Access Control Lists (ACLs) and here you get some really fine granularity...messy stuff. 
              All in all, if I felt I could guide you through these murky waters, I would, but I think I'll let
              the professionals weigh in on that one and cut my wall-of-text to ribbons.
              To heuristically check I would connect from a client as one or two of my users and see what
              folders I could mount as a share, armored with an understanding of what ls -le@O * showed
              me in Terminal.
    3.)           File sharing setup (Turned ON, Home sharing Enabled)
              Here is an example of using command line sharing utility where each share is properly
              labeled (that took a bit for me to figure out) still this share only enables the AFP share as
              you can see from my flags.
      sudo sharing -a /Volumes/Hard\ Drive/Department/Database -A Database-afp -F Database-ftp -S Database-smb -n Database -s 100 -g 000 -i 10
              Then you do a sudo sharing -l and get back what you just did…
                                              List of Share Points
              name:                    Database
              path:                    /Volumes/Hard Drive/Department/Database
                        afp:          {
                        name:          Database-afp
                        shared:          1
                        guest access:          0
                        inherit perms:          1
                        ftp:          {
                        name:          Database-ftp
                        shared:          0
                        guest access:          0
                        smb:          {
                        name:          Database-smb
                        shared:          0
                        guest access:          0
              If you mess up the sharing command, you may not be paying attention (I wasn't) but there
              are a lot of defaults that Apple will just assume you meant to do anyway and it won't read
              any of your flags, you have to get it right or the flags will be defaulted. 
              (          Basically I could tell I was bombing it for one, I explicitly only wanted afp working, but
                        the default was afp and smb.  So each time I ran sudo sharing -l after I shot my sharing
                        command…back would come smb shared: 1 and I knew that wasn't right.  Also my
                        custom names were defaulting to the name of the directory not the name I had
                        specified.           )
              I like to know what protocol my share is over so when it doesn't work, I know which protocols
              are connecting. It's not foolproof, but it's a bookmark.  I wish the network browser would
              identify the protocol that its available listed shares are using, because small visual cues
              like that help when you're trying to see what works.  Maybe that's something I should
              investigate via the command line?
              As a note about reading forums, I discovered using command line that "\" is kind of like a
              way of going to next line neatly with long commands…."\ " is a way to insert a space. As you
              can see above where I have a volume with a space in it. 
              Removing shares was a little trickier though, sharing -r Share\ With-space didn't work….I
              had to enclose it in quotes and do "Share With-space" instead. So nooby beware!
              (          *nix users are now rolling their eyes at this tip.          )
              I wasn't sure how you enabled a share for home directories from the command line, maybe it's
              in the manual, but I was up to my eyeballs in manuals already so I haven't gone back to
              revisit this question since my work around was to go to Server.app and verify that what I set
              up in the sharing in terminal was being reflected in the gui…sort of my own MVC
              (model-view-controller) check.
    4.)           Directory Utility > Directory Editor or dscl 
      Make sure what you see in WGM and Server.app are reflected here….to that question let's
              take a journey where I did some exploring about that.
      Ever really wonder "WHY CAN'T I REMOVE AN OLD HOME DIRECTORY SHARE?!!!"
              Ah, then you will  - LOVE -  this tip…
              (          Provided my testing or yours, later, doesn't prove that in my ignorance I've broken
                        Open Directory. Remember, WHITEGLOVES!!!! but here we get a little dirty.  I think of
                        OD as Apple's Registry, but that's not what it is at all. However, you as the user do have
                        to "****" around in it from time to time.          )
              I scoured the forums and everyone was saying things like "You have to change your server
              role" etc. which seemed a little bit dumb to me (dumb because you're pushing views around
              not "controlling"), and well, yea, that share that I couldn't modify or delete was REALLY
              bugging me.
              Now hmm… Before you do ANYTHING, how do you try to not hurt yourself…in Windows you
              can make a Registry Backup….(yea bad analogy)  In Server Admin.app you can go to your Open
              Directory Service > Archive and Choose a place to Archive your information. (Figure this out by
              yourself, this is getting long…sheesh! It's easy. Restoring is just as easy and painless.)
      Before we can remove the entry we "SEE" in WGM we should make sure no
              one has it selected so as not to "corrupt" the OD db, so in WGM first before going to Directory
              Utility set the Home directory to "None".  (We need to remember to set this to a correct share
              later….Mental Note!!!)
              Now Open Directory Utility
              Method 1
              System Preferences > Users & Groups > Login Options
              Click the Lock to make changes…
              Authenticate -> click "OK"          (do I REALLY have to step-by-step this?)
              Network Account Server: • Local Server - click "Edit" button here.
              Open Directory Utility > Directory Editor
              (          Wow, did Apple hire someone from Microsoft?  You'd think with all their research into
                        Human Interface Design that's WAY too many clicks to get to something you need.          )
              or
              Method 2 (It's good to know about this directory, neat-o speed-o app's hidden here.)
              Use "Go to Folder" Under Finder > Go > Go to Folder...
      ⇧⌘G /System/Library/CoreServices/ 
              Click "OK"
              and Double click Directory Utility.app
              or
              Method 3
              Terminal
              open /System/Library/CoreServices/Directory\ Utility.app/
              Now From the Directory Editor Pane you will see a Pop-up menu Labeled "Viewing"
              You should glance through this and get to know it.  You should use it to see what
              information is really being stored about your Users, Groups, Mounts…
              We are interested in Mounts, which is where we want to go…and there is the pesky
              mount that you will see reflected in WGM.
              Authenticate, and delete the bugger.
              Quit WGM and restart it.  Voila, bad share is GONE!!!!!
              a.)          First select all my users
              b.)           Then I clicked on the "+" and added the correct share
                        (          Remember, I only showed you the first one we created, this is another and
                                  for THIS one you HAVE to go into Server.app and verify that it is set to be
                                  available for Home Directories in this case for AFP.          )
                        For the home directory entry you do this...
                        afp://computer.domain.com/Accounts-afp
                        %short_name%
                        /Network/Servers/computer.domain.com/Volumes/Hard\ Drive/Department/Accounts/%short_name%
      %short_name% is a wild card for the short name; there are other wild cards, check out Apple's
                        Documentation on them.  I lost the link, sorry <shrug>
              Interesting dscl commands…(check it out in command line form and compare side by side with
              what you see in the GUI Directory Utility)
              dscl . list /users
              dscl . list /groups
              If you want to output information about each user, though, use readall:
              dscl . readall /users
              dscl . readall /groups
              And if you need to programmatically parse said information, use -plist to make your life easier:
              dscl -plist . readall /users
              dscl -plist . readall /groups
              This made a little more direct sense to me, language wise…but fyi "." is kind of a wild card I think so the first
              commands I think look in ALL directories local, Search, LDAP whatever you have.  The command here
              corresponds to the Entry from the Pop-up menu "…in node > Blah…" see GUI of Directory Utility to confirm.
              dscl /LDAPv3/127.0.0.1 -list /Users
              dscl /Local/Default -list /Users
    5.)          Workgroup Manager
              Remember this is a utility that is not long for this world.  Apple's Mountain Lion is rumored to fully
              replace it, why? Yea, Apple's making a go at MDM (Mobile Device Management) and somehow
              desktop computers are being pulled/dragged along for the ride.  I have plenty of issues with
              Profile Manager, but I'll likely revisit it in a couple of months and see where we stand.
              Anyway, treat this baby like the bottom rung, because, well it is built like you start your
              foundation here, but it's just a viewer with controlling "tweaks".  Use the other areas to get a solid
              grasp of what is actually going on.  Server.app is where you should create accounts you can
              feel are safe.  When you create accounts in WGM, you are responsible for making sure they
              have the appropriate EVERYTHING.
    This list is by no means complete, but these are the areas this noob is or was prepared to talk about.
    Good night for now.  Enjoy climbing my wall of text, and yea sorry about that.  :O Run for your lives!!!!
      - Signed Shadowwraith
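Added example, not part of the original post: the post above describes `sharing` silently falling back to defaults (SMB left on) when its flags are wrong, and checking by eye with `sudo sharing -l`. This Python sketch automates that check; the "Accounts" share and the `intended` mapping are constructed for illustration, and the parser assumes the field layout shown in the post's listing.

```python
import re

# Constructed sample in the layout `sharing -l` prints. "Database" mirrors the
# listing in the post (closing braces missing, as in the paste); "Accounts" is
# an invented share showing the default-flags failure mode the post describes.
SAMPLE = """\
List of Share Points
name:           Database
path:           /Volumes/Hard Drive/Department/Database
        afp:    {
                name:   Database-afp
                shared: 1
                guest access:   0
                inherit perms:  1
        ftp:    {
                name:   Database-ftp
                shared: 0
                guest access:   0
        smb:    {
                name:   Database-smb
                shared: 0
                guest access:   0
name:           Accounts
path:           /Volumes/Hard Drive/Department/Accounts
        afp:    {
                name:   Accounts
                shared: 1
                guest access:   0
                inherit perms:  1
        }
        smb:    {
                name:   Accounts
                shared: 1
                guest access:   1
        }
"""

PROTOCOLS = ("afp", "ftp", "smb")
LINE = re.compile(r"^\s*([A-Za-z ]+?):\s*(.*?)\s*$")

def parse_share_points(text):
    """Return [{'name', 'path', 'protocols': {proto: {field: value}}}, ...]."""
    shares, share, proto = [], None, None
    for raw in text.splitlines():
        if raw.strip() == "}":
            proto = None                      # end of a protocol block
            continue
        m = LINE.match(raw)
        if not m:
            continue                          # banner or blank line
        key, value = m.group(1).lower(), m.group(2)
        if key == "name" and (proto is None or "name" in proto):
            # A second "name:" inside a block means the brace was lost and a
            # new share point has started.
            share = {"name": value, "path": None, "protocols": {}}
            shares.append(share)
            proto = None
        elif share is None:
            continue
        elif key in PROTOCOLS and value.startswith("{"):
            proto = share["protocols"].setdefault(key, {})
        elif proto is not None:
            proto[key] = value
        elif key == "path":
            share["path"] = value
    return shares

def audit(shares, intended):
    """intended maps share name -> set of protocols that are meant to be on."""
    findings = []
    for share in shares:
        wanted = intended.get(share["name"], set())
        for proto, fields in share["protocols"].items():
            if fields.get("shared") != "1":
                continue
            if proto not in wanted:
                findings.append((share["name"], proto, "shared but not intended"))
            if fields.get("guest access") == "1":
                findings.append((share["name"], proto, "guest access enabled"))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_share_points(SAMPLE),
                         {"Database": {"afp"}, "Accounts": {"afp"}}):
        print(*finding, sep=": ")
```

On a server, feed it the text of `sudo sharing -l` instead of `SAMPLE`.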
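Added example, not part of the original post: the post suggests `dscl -plist . readall /users` for programmatic parsing. This Python sketch reads that plist and checks that each account's home folder sits under the share set up in the post and ends in the account's short name. The sample records, the `min_uid` cut-off for system accounts and the UID 0 check are assumptions made for the example.

```python
import plistlib
import posixpath

STD = "dsAttrTypeStandard:"   # prefix dscl puts on standard attribute names
# Home folder base from the post, with the shell escaping of the space removed.
BASE = "/Network/Servers/computer.domain.com/Volumes/Hard Drive/Department/Accounts"

def record(name, uid, home):
    """One record in the shape of the plist output: an array of dictionaries
    in which every attribute maps to a list of strings."""
    return {STD + "RecordName": [name],
            STD + "UniqueID": [str(uid)],
            STD + "NFSHomeDirectory": [home]}

# Constructed sample. On a real machine use the bytes returned by
# subprocess.run(["dscl", "-plist", ".", "readall", "/users"],
#                capture_output=True).stdout
SAMPLE = plistlib.dumps([
    record("root", 0, "/var/root"),
    record("_www", 70, "/Library/WebServer"),
    record("paul", 1025, BASE + "/paul"),
    record("anna", 1026, BASE + "/ana"),     # folder name typo
    record("svc", 0, "/Users/svc"),          # second UID 0 account
    record("tom", 1027, "/Users/tom"),       # never moved to the share
])

def first(rec, attr, default=""):
    """First value of a standard attribute, or default when it is absent."""
    values = rec.get(STD + attr) or [default]
    return values[0]

def check_users(plist_bytes, base=BASE, min_uid=500):
    """Return (short name, issue) pairs for accounts that need a look.

    min_uid is an assumption: accounts below it are treated as system
    accounts and skipped, apart from the UID 0 check.
    """
    findings = []
    for rec in plistlib.loads(plist_bytes):
        name = first(rec, "RecordName")
        try:
            uid = int(first(rec, "UniqueID", "-1"))
        except ValueError:
            findings.append((name, "UniqueID is not a number"))
            continue
        if uid == 0 and name != "root":
            findings.append((name, "UID 0 on a non-root account"))
            continue
        if uid < min_uid:
            continue
        home = posixpath.normpath(first(rec, "NFSHomeDirectory"))
        if posixpath.dirname(home) != base:
            findings.append((name, "home outside the expected share"))
        elif posixpath.basename(home) != name:
            findings.append((name, "home folder does not match short name"))
    return findings

if __name__ == "__main__":
    for name, issue in check_users(SAMPLE):
        print(f"{name}: {issue}")
```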

  • Cannot login with mobile account when server is switched off

    Hello all,
    First of all, my condolences to the Jobs family. 
    OK.  On with my problem.  I apologise in advance if this has been answered before.  I've trawled through various boards and I can't seem to find an answer.
    I'll try to keep it brief.
    I've set up a mac mini with lion server.  Done all necessary updates.
    I have a lion macbook which is the client.
    On server, created an Open Directory etc..
    I created 2 mobile network accounts on the server.  Set preferences etc..  Added both to workgroup.
    Added the client to the domain in system prefs login options.
    Logged into the 2 accounts on the client.  All working well.  Can see my mounts.  Mobile accounts created successfully and syncing working.
    So, the problem I have is, when I shutdown the server, my mobile accounts on the client disappear.  Also, the login screen states, 'Network accounts are unavailable.'
    I've been looking at this for a week now and it's driving me mad.  I must have missed something - can anyone shed any light on this please?
    With thanks, Paul.

    oh well - gave up and reinstalled lion server.
    GROAN!

  • Mobile Account on Second Partition - Mac with AD Bind

    We've recently started binding our Macs into Active Directory and are using our associates' network credentials to login. Our Macs are setup with two partitions - one for the OS and Apps and one for the associates home folders. A modified MCX setting creates a home folder on the secondary partition the first time they login.
    My problem is that the associate accounts appear as "External" instead of "Mobile" in System Preferences and our preference would be that the accounts remain "Mobile". If I let the MCX settings create the Mobile account on the OS partition in /Users, it stays a Mobile account. From there we can manually move the home folder and point the account to the secondary partition and it remains a Mobile account.
    So I'm looking for advice on deploying a home folder to a secondary partition and having it appear as "Mobile" rather than "External". Thanks!

    That's just the way it is.....

  • AD account Login problem with MAC 10.6.8

    Hi All,
    We have around 50-odd Macs that are connected to Windows Server 2008 R2. The users were logging in to these Macs using their AD accounts. Recently a few random Macs did not allow the user to log in using their AD account. When analyzed, though the Mac shows that it has connected to the domain and the server is active with a green button, it has unbound itself from the server. I had to log in as a local user and bind the Mac back to get this resolved.
    Now the same has started happening for most of the Macs that we have, and every morning I have to log in as local admin and unbind/bind the Mac with the server. This gets reset once the user reboots or shuts down.
    Have tried a few of the solutions below but nothing helped:
    Solution 1:
    <key>mdns_timeout</key>
    <integer>2</integer>
    The integer value is in seconds; changing it to at least 5 should allow the Mac OS X client to reconnect to the Active Directory domain after a network interruption. In some configurations, a larger timeout value may be required.
    You can change this value by using the sudo command and a text editor to edit the preference file directly. Or you can use the Terminal command below, making sure to enter it all on a single line:
    sudo /usr/libexec/PlistBuddy -c 'Set :mdns_timeout 5' /System/Library/SystemConfiguration/IPMonitor.bundle/Contents/Info.plist
    Solution 2:
    I have seen all of the probable solutions and tried everything and still I am getting issues with 10.6.6 and after rebooting the Mac gets unbind. Or the Mac gets Network Accounts Available even when not accessing the list of users from AD. But the thing that I have done that has solved all my issues with AD on the Macs is to uncheck the box to search on all domains. For some reason I am seeing that when the Macs have this option checked, it searches through out the forest on the same domain controller more than once, so AD stops the handshaking of the authentication.
    I hope this helps like it did on our Network, since then I have not seen the Macs lose the binding or slow SMB.
    If you've tried this please let us know.
    TIP: Uncheck Allow Authentication from any domain for Mac AD problems
    Wednesday, April 20, 2011
    Steven Wells sent a fix and an explanation of problems with Macs losing their binding to Active Directory:
    Unchecking "Allow authentication from any domain in the forest" is working at our college. We have been beating our heads on this for about 2 terms, with no understanding of why it works in some places and not in others. When we found this working, our IT guy said that the Security SID is being duplicated, when it looks in other domain forest, and that is what is causing the problem. This is the first time I have found an explanation for the problem.
    If you've tried this approach please let us know.
    Solution 3:
    Solved it. Create a file in Textedit with the name 'auto_master' (no file extension) with the following contents:
    # Automounter master map
    +auto_master # Use directory service
    /net -hosts -nobrowse,hidefromfinder,nosuid
    /home auto_home -nobrowse,hidefromfinder
    #/Network/Servers -fstab
    /- -static
    Place this in /etc/ folder
    Hope this helps
    Solution 4:
    TIP: a Kerberos fix for OS X 10.5 and 10.6 binding to Active directory
    Friday, November 11, 2011
    Mehdi Mafi forwarded a fix he found for problems with Leopard and Snow Leopard binding to Active Directory:
    This was taken from Dane Riley's imaging building for DeployStudio.
    With Mac OS X Leopard every Mac is now running a KDC (Kerberos Distribution Center). Basically each imaged machine is using the same security certificate and hash. Deploying a single image will deploy the same KDC to every system. This [Apple] article covers how to reset the local KDC so that each system is unique. Basically, do the following:
    Launch Keychain Access
    Search for com.apple.kerberos.kdc and delete all 3 items
    Using Terminal type sudo rm -fr /var/db/krb5kdc
    After deployment, perhaps using Apple Remote Desktop to all systems, re-establish the KDC by typing sudo /usr/libexec/configureLocalKDC
    If you've tried this approach with Mac OS X 10.5, 10.6, or even Lion, please let us know.
    TIP: More on a kerberos fix for AD binding problems
    Monday, November 14, 2011
    Mehdi Mafi updated his Friday report about Mac OS X 10.6 problems binding to Active Directory:
    You may want to add this. If the Mac keeps unbinding from AD (people can't log in to a Mac), here is how to fix it:
    Unbind it from Domain
    Launch Keychain Access
    Search for com.apple.kerberos.kdc and delete all 3 items
    Using Terminal type sudo rm -fr /var/db/krb5kdc
    Re-establish the KDC by typing sudo /usr/libexec/configureLocalKDC
    Bind it to the domain again (when you bind, uncheck "Allow authentication from any domain in the forest" in Directory Utility -> Advanced Options\Administrative). This fixes the issue that sometimes it can't find AD under search space.
    If you tried this please let us know.
    Solution 5:
    For Snow Leopard AD login issues, use upper case domain
    Solution 6: for .local
    To create this StartupItem, create the following directory as root:
    /Library/StartupItems/FixADAuth
    Then chown it to root:wheel and chmod it to 755. These must also be the owner/permissions on the two files it will contain, below:
    Contents of our /Library/StartupItems/FixADAuth/FixADAuth:
    #!/bin/bash
    . /etc/rc.common
    # Start a fresh log with the start time
    date > /var/log/FixADAuth.log
    n=0
    AuthSuccess=0
    # Reset the DNS search domain until a domain user can be resolved
    while [ $AuthSuccess != 1 ]
    do
    id Administrator && AuthSuccess=1 || networksetup -setsearchdomains Ethernet "Empty"; networksetup -setsearchdomains Ethernet middlewich.local; n=$(($n+1))
    done
    # Record the result, the number of passes and the end time
    echo Authentication successful: $AuthSuccess >> /var/log/FixADAuth.log
    echo Operation count: $n >> /var/log/FixADAuth.log
    date >> /var/log/FixADAuth.log
    Contents of our /Library/StartupItems/FixADAuth/StartupParameters.plist:
    {
    Description = "Fixes Active Directory authentication issue";
    Uses = ("Disks");
    }
    Obviously you'll need to change "middlewich.local" to your own domain name (and the network interface name if your connection is wireless). The script checks to see if it can see the user "Administrator" on the domain, as he's a fairly common bloke, but if you've renamed yours for security reasons then pick another one. I've also included some logging functionality for debug purposes, so you can verify how well the script is working if you need to and time it in your environment before telling the users how long to wait. The /var/log/FixADAuth.log file will contain the date/time the process started, the success variable set to 1 (just to verify), how many DNS operations were required to fix the problem, and the date/time it ended. For us the time difference is normally about +30-40 seconds with around 120-180 operations taking place. Once you're happy with the script, you can strip it down to its bare functionality if you like, like so for us:
    #!/bin/bash
    . /etc/rc.common
    AuthSuccess=0
    while [ $AuthSuccess != 1 ]
    do
    id Administrator && AuthSuccess=1 || networksetup -setsearchdomains Ethernet "Empty"; networksetup -setsearchdomains Ethernet middlewich.local
    done
    I hope this helps someone!
    Regards

    You are welcome.
    But the question is 10.6 Mac, just like 10.6.8, as long as it's the same and works.
    Yes. You can save some updates by using the combo update.
    10.6.8 Combo Updater

  • No IP address, every time I'm close to my mum's Mac running off the same wifi, it's giving me this error. I can troubleshoot for about 3 mins and fix it, but it just keeps happening and I need a permanent fix for it. Any help?

    No IP address, every time I'm close to my mum's Mac running off the same wifi, it's giving me this error. I can troubleshoot for about 3 mins and fix it, but it just keeps happening and I need a permanent fix for it. Any help?

    this is what you need to do to exclude everything apart from desktop.
    on time machine preferences, click on Options
    click plus sign, on the new window, click macintosh HD
    do a Control + A then deselect users then click okay
    go to options again, plus sign, go to users, control +A then deselect your user account
    go to options again, plus sign, go to your user account, control + A, deselect desktop
    start the back up.
